PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

last person joined: yesterday

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Back to discussions

Expand all | Collapse all

PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

Jump to Best Answer

This thread has been viewed 2 times

1. PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

0 Kudos
lukeb
Posted Jan 10, 2019 06:48 AM

Reply Reply Privately
Hi, when using a PEAP/MS-CHAPv2 arrangement, is it possible to verify whether a supplicant is connecting with/without checking certificate validity, please? It'd be useful to be able to identify which users are at risk of having the credentials poached by fake APs etc. Thank you
2. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?
Best Answer

0 Kudos
EMPLOYEE

cjoseph
Posted Jan 10, 2019 06:52 AM

Reply Reply Privately
It is not possible.
3. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?
Best Answer

0 Kudos
EMPLOYEE

cappalli
Posted Jan 10, 2019 07:47 AM

Reply Reply Privately
No. That's why you don't use PEAP.
4. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

0 Kudos
lukeb
Posted Jan 10, 2019 07:56 AM

Reply Reply Privately
Thanks both.
5. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

0 Kudos
lukeb
Posted Jan 11, 2019 03:05 AM

Reply Reply Privately
Thanks Tim. is there a better option than PEAP that works across Mac/PC/Linux/iOS/Android etc, please?
6. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?
Best Answer

0 Kudos
EMPLOYEE

Pavan Arshewar
Posted Jan 11, 2019 03:41 AM

Reply Reply Privately
EAP-TLS authentication method can be used but managing this is little difficult as both supplicant and authenticaiton server need certifictes to trust each other.
7. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

0 Kudos
lukeb
Posted Jan 11, 2019 07:33 AM

Reply Reply Privately
Thank you - understood - much appreciated!
8. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?
Best Answer

0 Kudos
EMPLOYEE

cappalli
Posted Jan 11, 2019 08:13 AM

Reply Reply Privately
EAP-TLS is the only recommended EAP method.

Security

PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

1. PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

2. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced? Best Answer

3. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced? Best Answer

4. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

5. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

6. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced? Best Answer

7. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?

8. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced? Best Answer

2. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?
Best Answer

3. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?
Best Answer

6. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?
Best Answer

8. RE: PEAP MS-CHAPv2: can supplicant certificate use be detected/forced?
Best Answer